What is Canvas Fingerprinting and how the companies use it to track you online

Recently Mozilla planned to display permission prompts if a website attempt to use HTML5 Canvas Image Data in the Firefox web browser: in fact, this HTML5 element is often used to tracking users with a technique called “Canvas Fingerprinting” What is “Canvas Fingerprinting”? Canvas fingerprinting is a type of “browser fingerprinting” techniques of tracking online…

Key reinstallation attacks: my suggested readings

Release the KRACKen! Security researcher Mathy Vanhoef has discovered several vulnerabilities in the core of WPA2 protocol that could allow an attacker to hack into a Wi-Fi network and eavesdrop on the Internet communications. WPA2 is a authentication scheme widely used to secure WiFi connections: now the standard has been compromised and this flaws impacting almost…

Security flaws in VoLTE protocol allow an attacker to spoof numbers and track users

The research paper by P1 Security was presented last week in a security conference in France A team of researchers from security firm P1 Security has detailed a list of flaws in the VoLTE protocol that allows an attacker to spoof anyone’s phone number and place phone calls under new identities, and extract IMSI and geo-location…

Firefox configuration hardening, using a single file

A custom user.js configuration file designed to make your Firefox more secure A user.js file is an alternative method of modifying Firefox’s preferences: it can make certain preference settings more or less “permanent” in a specific profile, and is also a way of documenting preference customizations and it makes it easier to transfer customized settings to…

How to query the ‘Have I been pwned?’ service from command line?

Pretty simple, with a node.js application Have I Been Pwned? is a website created by security expert Troy Hunt, that allows internet users to check if their personal data has been compromised by data breaches. The site collects and analyzes dozens of data leaks containing information about leaked accounts, and allows users to search for…